1 # This service which allows CGI programs to be provided which do not
2 # run as the webserver user, but instead are owned by a particular
5 # Similar effects can be achieved with Apache's suexec; this facility
6 # is for administrators who do not trust suexec and wish to defend the
7 # webserver from the CGI script providers, and vice versa, as much as
8 # possible. This is achieved by using userv to do the cross-account
9 # call, rather than a custom setuid helper.
11 # This default configuration allows the webserver user to invoke
12 # users' CGI programs from each user's ~/public-cgi, but to allow
13 # external http clients to do this, the webserver will also need to be
16 if ( grep service-user-shell /etc/shells
17 & glob calling-user www-data
22 execute /usr/local/lib/userv/ucgi/target public-cgi